On Tue, Jun 19, 2018 at 1:02 PM, Grant Taylor
wrote:
> On 06/19/2018 05:57 AM, Mick wrote:
>>
>> Actually, I don't know if there is a way to set up multiple nameservers
>> for corresponding name resolution in/out of the tunnel, without using a
>> domain- specific override as you would with
On 06/19/2018 05:57 AM, Mick wrote:
Actually, I don't know if there is a way to set up multiple nameservers
for corresponding name resolution in/out of the tunnel, without using a
domain- specific override as you would with dnsmasq and without leaking
DNS queries to the ISP if you are meant to
On Monday, 18 June 2018 15:37:00 BST Grant Taylor wrote:
> On 06/18/2018 04:30 AM, Mick wrote:
> > The above does not offer him a route into the company's LAN and he cannot
> > connect to the servers *.i.company.com.
>
> Small nuance that routes don't deal with names and that names must be
>
On 06/18/2018 04:30 AM, Mick wrote:
Hi Grant,
Hi Mick,
I am not overly familiar with networkmanager and the OP has not shared any
screenshots or tab-by-tab NM settings, but had a look on a Gnome desktop
and when hovering over the "Use only for resources on this connection"
setting in the
Hi Grant,
On Monday, 18 June 2018 03:59:32 BST Grant Taylor wrote:
> On 06/17/2018 03:05 PM, Mick wrote:
> > TBH I wouldn't select "Use only for resources on this connection",
>
> I thought "Use only for resources on this connection" would enable (what
> I know as) "split horizon", which is what
On 06/17/2018 03:05 PM, Mick wrote:
TBH I wouldn't select "Use only for resources on this connection",
I thought "Use only for resources on this connection" would enable (what
I know as) "split horizon", which is what I thought the OP wanted to do.
In other words route company traffic
Hilco, I don't know if this thread was resolved - additional suggestions
posted below.
On Saturday, 9 June 2018 01:20:18 BST Hilco Wijbenga wrote:
> Let me give some more information, perhaps that will help.
>
> Setup without VPN
> $ ip route
> default via 192.168.151.1 dev eth0 proto static
On 06/12/2018 09:17 AM, Hilco Wijbenga wrote:
Okay, I've got it mostly working now. The missing route seems to be
"10.0.0.0", "255.0.0.0", "0.0.0.0", "100".
255.0.0.0/8 is special and 0.0.0.0/0 is very special.
255/8 is not globally routed and contains 255.255.255.255 which is used
as a
Okay, I've got it mostly working now. The missing route seems to be
"10.0.0.0", "255.0.0.0", "0.0.0.0", "100". So not the gateway but
0.0.0.0. This works both in Gentoo and VirtualBox ... except for (at
least) one internal site.
I have a.i.company.com ("a") and b.i.company.com ("b"). Dig in
On 06/11/2018 06:50 PM, Alarig Le Lay wrote:
The “dev” syntax is correct. As tun0 is a L3 tunnel, you don’t
have to bother about ARP next-hop resolution.
Thank you for the confirmation Alarig.
--
Grant. . . .
unix || die
So, from what I’m reading in the thread you need three things:
1. Look at what are the internal ranges used at work
2. Disable the default route to the VPN
3. For each range, add a route like 'ip route add $range dev
tun0'
For the last part, it should be a good
Hi,
On ven. 8 juin 18:34:14 2018, Grant Taylor wrote:
> I'd then reconfigure the VPN with "Use only for resources on this
> connection." and then do something like this:
>
> I'm not completely sure about the "dev" syntax as it's been a while since
> I've done routes via devices. Check IP's man
On 06/11/2018 02:51 PM, Mick wrote:
As I understand it, the CGN router will rewrite the IP headers and ports from/
to the SOHO router using PCP. This is not a TCP-over-TCP tunnel.
The VPN could be TCP based and it could be sending TCP through it. Yes,
the potential pitfalls of TCP-in-TCP
On Monday, 11 June 2018 17:47:16 BST Grant Taylor wrote:
> On 06/11/2018 04:55 AM, Mick wrote:
> > You'll need a trusted gateway to do the unwrapping and then forwarding
> > to the next hop (SSH forwarding). If you attempt TCP-tunneling
> > (TCP-over-TCP) you'll soon experience 'TCP meltdown'
On 06/11/2018 04:55 AM, Mick wrote:
You'll need a trusted gateway to do the unwrapping and then forwarding
to the next hop (SSH forwarding). If you attempt TCP-tunneling
(TCP-over-TCP) you'll soon experience 'TCP meltdown' with upper and
lower TCP layers' retransmission timeouts.
I
On Sunday, 10 June 2018 23:51:42 BST Grant Taylor wrote:
> On 06/10/2018 12:30 PM, Mick wrote:
> > If NAT'ed between guest and host and then NAT'ed again at the home
> > router, you are double NAT'ed.
>
> Or possibly triple NATed if your ISP is using Carrier Grade NAT.
>
> At least that's one
On 06/10/2018 12:30 PM, Mick wrote:
If NAT'ed between guest and host and then NAT'ed again at the home
router, you are double NAT'ed.
Or possibly triple NATed if your ISP is using Carrier Grade NAT.
At least that's one definition of "double NAT". I tend to use a
different definition, one
On Sun, Jun 10, 2018 at 11:08 AM Wol's lists wrote:
>
> On 10/06/18 17:53, Mick wrote:
> > On Sunday, 10 June 2018 01:31:50 BST Hilco Wijbenga wrote:
> >> Okay, with all that advice, I gave it another try. I'm also setting up
> >> a VirtualBox for my WFH stuff and VB wants to use 10.0.0.0 for its
On Sun, Jun 10, 2018 at 11:31 AM Mick wrote:
>
> On Sunday, 10 June 2018 19:07:59 BST Wol's lists wrote:
> > On 10/06/18 17:53, Mick wrote:
> > > On Sunday, 10 June 2018 01:31:50 BST Hilco Wijbenga wrote:
> > >> Okay, with all that advice, I gave it another try. I'm also setting up
> > >> a
On Sun, Jun 10, 2018 at 10:03 AM Grant Taylor
wrote:
>
> On 06/09/2018 06:31 PM, Hilco Wijbenga wrote:
> > Okay, with all that advice, I gave it another try. I'm also setting
> > up a VirtualBox for my WFH stuff and VB wants to use 10.0.0.0 for its
> > networking. I've changed this to 172.16.0.0
On Sunday, 10 June 2018 19:07:59 BST Wol's lists wrote:
> On 10/06/18 17:53, Mick wrote:
> > On Sunday, 10 June 2018 01:31:50 BST Hilco Wijbenga wrote:
> >> Okay, with all that advice, I gave it another try. I'm also setting up
> >> a VirtualBox for my WFH stuff and VB wants to use 10.0.0.0 for
On 10/06/18 17:53, Mick wrote:
On Sunday, 10 June 2018 01:31:50 BST Hilco Wijbenga wrote:
Okay, with all that advice, I gave it another try. I'm also setting up
a VirtualBox for my WFH stuff and VB wants to use 10.0.0.0 for its
networking. I've changed this to 172.16.0.0 so now I can easily
On 06/10/2018 10:53 AM, Mick wrote:
Ahh! If you're trying to set this up within a VM, this adds a whole
new layer of complexity. I assume you're setting up a bridge between
host and guest device(s)?
Yes, VMs can add additional complexity to the situation. However I
suspect that's not the
On 06/09/2018 06:31 PM, Hilco Wijbenga wrote:
Okay, with all that advice, I gave it another try. I'm also setting
up a VirtualBox for my WFH stuff and VB wants to use 10.0.0.0 for its
networking. I've changed this to 172.16.0.0 so now I can easily tell
that network from work network (which
On Sunday, 10 June 2018 01:31:50 BST Hilco Wijbenga wrote:
> Okay, with all that advice, I gave it another try. I'm also setting up
> a VirtualBox for my WFH stuff and VB wants to use 10.0.0.0 for its
> networking. I've changed this to 172.16.0.0 so now I can easily tell
> that network from work
Okay, with all that advice, I gave it another try. I'm also setting up
a VirtualBox for my WFH stuff and VB wants to use 10.0.0.0 for its
networking. I've changed this to 172.16.0.0 so now I can easily tell
that network from work network (which seems to use 10.25.0.0)
I wanted to add a route to
On Saturday, 9 June 2018 01:20:18 BST Hilco Wijbenga wrote:
> On Fri, Jun 8, 2018 at 4:34 PM Mick wrote:
> > On Friday, 8 June 2018 23:21:52 BST Grant Taylor wrote:
> > > On 06/08/2018 03:31 PM, Hilco Wijbenga wrote:
> > > > Sigh, I take it back. That causes the internal sites to no longer
> > >
On 06/08/2018 06:20 PM, Hilco Wijbenga wrote:
What would be the "correct" output for "ip route"?
It's difficult to say.
I'd look up some of the *.i.company.com names and see what IP addresses
they resolve to.
I'd then reconfigure the VPN with "Use only for resources on this
connection."
On Fri, Jun 8, 2018 at 4:34 PM Mick wrote:
>
> On Friday, 8 June 2018 23:21:52 BST Grant Taylor wrote:
> > On 06/08/2018 03:31 PM, Hilco Wijbenga wrote:
> > > Sigh, I take it back. That causes the internal sites to no longer work.
> >
> > Okay.
> >
> > So you're on the proper track.
> >
> > I'm
On Friday, 8 June 2018 23:21:52 BST Grant Taylor wrote:
> On 06/08/2018 03:31 PM, Hilco Wijbenga wrote:
> > Sigh, I take it back. That causes the internal sites to no longer work.
>
> Okay.
>
> So you're on the proper track.
>
> I'm guessing the work network isn't a simple single prefix. Or at
On 06/08/2018 03:31 PM, Hilco Wijbenga wrote:
Sigh, I take it back. That causes the internal sites to no longer work.
Okay.
So you're on the proper track.
I'm guessing the work network isn't a simple single prefix. Or at least
the VPN client doesn't route enough through the VPN.
Check
On Fri, Jun 8, 2018 at 2:19 PM Hilco Wijbenga wrote:
>
> On Fri, Jun 8, 2018 at 1:59 PM Grant Taylor
> wrote:
> > > Any ideas?
> >
> > My bet is routing. Specifically the default gateway probably gets
> > changed to route through the VPN when connected.
> >
> > You may want to reconfigure the
On Fri, Jun 8, 2018 at 1:59 PM Grant Taylor
wrote:
> > Any ideas?
>
> My bet is routing. Specifically the default gateway probably gets
> changed to route through the VPN when connected.
>
> You may want to reconfigure the VPN client to only route work prefixes
> through the VPN and let
On 06/08/2018 01:42 PM, Hilco Wijbenga wrote:
Hi all,
Hi Hilco,
I am logging all DNS requests and I can see that dnsmasq is responding
correctly (and, in fact, identically) to, say, google.com with or without
VPN. But the browser just hangs. Until I disconnect VPN, then everything
works
Hi all,
I'm working from home today. :-) (*) To access parts of my employer's
infrastructure, I need to use VPN. So I installed NetworkManager, and
vpnc, and dnsmasq and configured it all. I can now VPN in successfully
and I can see the internal sites. Unfortunately, while VPN is active,
35 matches
Mail list logo
